我正在寻找此解决方案的最佳实践的答案。我有一个 IOT 项目正在进行,需要在两条路径上进行身份验证。用户和设备。
我正在尝试做的是分别在用户和设备上完全控制路由身份验证,所以我认为创建两个单独的 JWT 服务是合适的。
Feathers:4.5.8 我的身份验证服务看起来像这样
export default function (app: Application): void {
const deviceAuthentication = new DeviceAuthService(app, 'device-authentication');
deviceAuthentication.register('device-jwt', new DeviceJWTStrategy());
deviceAuthentication.register('device', new DeviceStrategy());
const authentication = new AuthService(app, 'authentication');
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
app.use('/device-authentication', deviceAuthentication);
app.use('/authentication', authentication);
app.configure(expressOauth());
}
//hooks /someapi
{before:{ get: [authenticate('device-jwt')]}
//config
"device-authentication": {
"entity": "device",
"service": "devices",
"secret": "***",
"authStrategies": [
"device-jwt",
"device"
],
"device": {
"usernameField": "uuid",
"altUsernameField": "email",
"passwordField": "password"
},
"jwtOptions": {
"header": {
"typ": "access"
},
"audience": "https://something.com",
"issuer": "feathers",
"algorithm": "HS256",
"expiresIn": "1d"
}
},
"authentication": {
"entity": "user",
"service": "users",
"secret": "*****",
"authStrategies": [
"jwt",
"local"
],
"jwtOptions": {
"header": {
"typ": "access"
},
"audience": "https://somthing.com",
"issuer": "feathers",
"algorithm": "HS256",
"expiresIn": "1d"
},
"local": {
"usernameField": "email",
"passwordField": "password"
},
"oauth": {
"redirect": "/",
"auth0": {
"key": "<auth0 oauth key>",
"secret": "<auth0 oauth secret>",
"subdomain": "<auth0 subdomain>"
},
"google": {
"key": "<google oauth key>",
"secret": "<google oauth secret>",
"scope": [
"email",
"profile",
"openid"
]
},
"facebook": {
"key": "<facebook oauth key>",
"secret": "<facebook oauth secret>"
},
"twitter": {
"key": "<twitter oauth key>",
"secret": "<twitter oauth secret>"
},
"github": {
"key": "<github oauth key>",
"secret": "<github oauth secret>"
}
}
},
我遇到的问题是,当我对用户使用 GET 时,我希望对 /authentication 服务的 jwt 策略进行身份验证。调试说我正在解析 jwt 策略,但得到的结果见这里
Invalid authentication information (strategy not allowed in authStrategies)
调试中尝试的 jwt 策略是“device-jwt”
如果将服务功能交换为
export default function (app: Application): void {
const authentication = new SippAuthService(app, 'authentication');
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
const deviceAuthentication = new SippDeviceAuthService(app, 'device-authentication');
deviceAuthentication.register('device-jwt', new DeviceJWTStrategy());
deviceAuthentication.register('device', new DeviceStrategy());
app.use('/device-authentication', deviceAuthentication);
app.use('/authentication', authentication);
app.configure(expressOauth());
}
恰恰相反,我将在用户身份验证服务上收到相同的消息,但它永远不会到达设备身份验证服务
错误在这里抛出
///AuthenticationService.authenticate. node_modules/@feathersjs/authentication/src/core.js (204)
if (!authentication || !authStrategy || !strategyAllowed) {
const additionalInfo = (!strategy && ' (no `strategy` set)') ||
(!strategyAllowed && ' (strategy not allowed in authStrategies)') || '';
// If there are no valid strategies or `authentication` is not an object
throw new NotAuthenticated('Invalid authentication information' + additionalInfo);
}
并且正如预期的那样strategyAllowed是错误的,因为“device-jwt”中不允许使用“jwt”
有没有更好的方法来解决这个问题?有没有办法利用快速next()功能来验证请求并将其传递给正确的身份验证服务?